To Test, run rhnpush with at least the following different setups:
* push an unsigned rpm to a channel with the --nosig flag
* push a signed rpm to a channel.
* sign your unsigned rpm, and push. it should fail with mismatched md5sum. push
again with --force. it should overwrite the old rpm.
After pushing these all, you should be able to see both md5sum and sha256sum on the rpm's details page.